Prof. John Banzhaf: Hacker with Off-the-Shelf Malware Can Steal More Votes Than Any Corrupt Politician

John Banzhaf, professor of public interest law at George Washington University Law School, talked with SiriusXM host Matt Boyle on Tuesday’s Breitbart News Daily about his warning that the election system could be hacked, possibly by foreign powers.

“Not only is it very troubling, but what the FBI report makes clear is that there is a new element, in addition to the ones I mentioned in my article – and on your radio broadcast, by the way – which has now made it the perfect storm. We’re literally sailing into a perfect storm,” Banzhaf warned, metaphorically referencing the George Clooney/Mark Wahlberg film of the same name.

“It was a combination of unusual circumstances, which greatly created a higher risk,” he said of The Perfect Storm. “And here I’ve just learned, or what the FBI has reported, is that you don’t have to be a super-hacker. You don’t have to be a foreign government to hack into these machines. What is surprising and shocking is how easy it was.”

“These guys used what we call COTS malware – Common, Off the Shelf – stuff you can go onto [on] the Internet, even if you’re only a middle-level hacker,” he warned.

Reaching for another movie analogy, he quoted from The Godfather: “A lawyer with a briefcase can steal more than a man with a gun.”

“Well, today, I think what’s so scary is that a hacker with some common, off-the-shelf, malware can steal more votes than any corrupt mayor or governor,” Banzhaf said.

He said our electoral system has become increasingly vulnerable to mischief, due to the reliance of more than a dozen states on electronic voting machines.

“Many of them do not leave what we call an audit trail; that is, there is no paper produced. So that means if you suspect that something has gone wrong, if you suspect a hacking, you can’t go back and compare the paper record with the electronic record and see what happened,” he explained.

The risk is compounded by the way “more and more of these computers are connected to the Internet,” which Banzhaf called an “open invitation” to attack.

“Any computer which is connected to the Internet today we know can be hacked,” he said, adding:

I mean, they hacked the Pentagon. They hacked Sony. They hacked the White House. They hacked our international banking system. And if these very sophisticated systems, with experts who are constantly updating the program, and checking for malware, and so on, can be hacked, well, certainly you can hack the election system in East Nowheresville somewhere. So get ’em off the Internet.

Banzhaf recommended coming up with “some simple, common standards in terms of how these are set up, and perhaps also how they are maintained – how frequently they’re checked, do they have malware, and so on.”

“Some are talking doing this by federal law. It could also be done by an interstate compact. Some of the bigger states, the more sophisticated states, could perhaps help to set the standards for the ones that are a little bit less sophisticated,” he suggested.

Banzhaf also postulated that the Electoral College increased the risk of hacking. “If we had a direct election for the president, it would be difficult to hack it because you’d have to talk about millions of votes. But here, with the Electoral College, it could be one state. Remember Florida. Remember a thousand votes in the 2000 election.”

He said that at least one known attack on an electoral system reportedly left “the fingerprints of Russians,” although it was not clear if the Russian government was directly involved.

Banzhaf said:

There are a number of countries, obviously, with sophisticated hacking capabilities, and we know that they are constantly testing and probing various different systems – not just our election systems, but as we know, for example, our electrical distribution system, our banking and stock trading computers, our flight control operations, and so on. So they’re constantly doing this. They’re always probing. The question is, can we be wary enough that we can make sure that, once those probes start, they are very quickly detected and stopped.

He noted that if the 2016 election turns out to be a close race, “and it comes down to only one state, then it is certainly much more likely, much easier, more probable, that somebody can go in there and change the votes of that state.”

“Now, they can do it with more old-fashioned techniques,” he allowed. “You probably remember all the dead people in Chicago who used to vote. Well, are they still voting? We don’t know. One of the problems is that a lot of the new laws designed to prevent voter fraud have been shot down, for various reasons.”

Banzhaf warned this would make it possible to change some votes in one of the larger states and “change the whole electoral system.”

He alluded to the FBI’s announcement that breaches had been discovered in the Illinois and Arizona voter registration databases, which led Boyle to ask if any other states were seen as prime risks for election hacking.

Banzhaf cited the states that use electronic systems lacking a paper audit trail of ballots, including Delaware, Georgia, Louisiana, New Jersey, and South Carolina, as well as parts of Arkansas, Florida, Kansas, Kentucky, Mississippi, Pennsylvania, Tennessee, Texas, and Virginia.

“And that’s only one of these various techniques,” he said, before adding:

So I don’t think that the way to go is to try to single out one or two or three states and say, “You guys are way behind the curve, and you gotta come aboard.” I mentioned here just about a dozen states with this one problem. There are some states which permit online voting. Well, that opens up a whole different kind of fraud.

Banzhaf warned:

There are states, or counties at least, where when you go to vote in the booth, you get a little card, like your credit card, and you stick your card in there, and that tells you you get to vote for these 15 or 17 different offices. Well, the problem here is that you can take that card and manipulate it, very easily, put it into the machine, instead of casting one vote for, say, your presidential candidate. You might be able to cast a hundred votes. Depending on the sophistication of the machine, you might use that card to put malware in there, which could do all kinds of things, in addition to changing the vote.

“I don’t think I could tell you which states are the prime targets. I’m not sure that I know it would be the kind of thing that we’d want to be broadcasting anyway because you’d just be inviting more people,” he noted.

“And, again, it doesn’t have to be Russia. It could be these middle level hackers. You go onto the Internet. You punch in a couple of words. It sends you to these sites. These sites are available.” Elaborating, he said, “You download common software. SQL Map: most middle-level hackers have heard that word. You can download that. The FBI said that worked in this case.”